New email virus spams mobile phone users

[William Knowles <wk () C4I ORG>]

http://news.cnet.com/news/0-1005-200-2026192.html?tag=st.ne.1002.tgif.ni

By Evan Hansen
Staff Writer, CNET News.com
June 6, 2000, 12:05 p.m. PT

Update: Mobile phone customers are being targeted by a new computer
virus that Internet security experts said is the first of its kind.

The virus, called "Timofonica," is reported to be "in the wild" in
Spain, where customers of the phone company Movistar have been hit
with annoying computer-generated phone calls, according to the
antivirus firm Kaspersky Lab. The virus type, known as a worm, targets
phones that use the European GSM mobile standard.

Security experts said the virus is the first to hit mobile phones,
although they emphasized that the worm is propagated by computer and
not via the telephone system. They also said the attack is relatively
benign, as it does not destroy computer files but merely delivers a
message disparaging the Spanish telephone company Telefonica.

"It's an annoying message type," said Chris Vargas, president of
F-Secure, an Internet security firm that also reported the worm this
morning. "The virus' purpose is to propagate a harmless message."

Like the notorious "I Love You" virus that spread quickly through
corporate computer systems across the globe last month, the Timofonica
virus was written using Microsoft's VBScript programming language.
Also like the Love bug, Timofonica spreads via email by sending
infected messages from affected computers. The worm sends itself to
all addresses that are stored in a person's address book.

"We believe the worm originated in Spain," Varga said. "The message is
in Spanish, and the message is directed at a Spanish operator."

In addition, the worm sends a message to a so-called short messaging
service (SMS) gateway that converts text messages to voice and sends
them to mobile phone users. The worm randomly generates phone numbers
targeting the "corio.movistar.net" SMS gate.

Every time the worm is forwarded to a new address, it sends a new SMS
message to a randomly selected number, thus bombarding people with SMS
messages.

Timfonica isn't the first virus to attack telephones. Earlier this
year, a phone virus hit 911 systems in Texas. During the I Love You
rampage, some fax machines began spitting out harmless pages of code,
thanks to email-to-fax services.

While today's attack may be relatively benign, it points to the
potential for more serious mischief as voice and data as well as
mobile and fixed communications systems become more entwined.

Most large Web companies are already looking to offer wireless and
voice services to augment the predominantly PC-based Internet entry
point. Because viruses have the potential to reach every point in the
network, the risk of serious infection increases as the network grows.

Security experts said that viruses targeting phones and wireless
handheld devices aren't likely to pose a major threat any time soon,
however.

Dan Schrader, chief security analyst at Trend Micro, acknowledged that
some wireless devices, such as PalmPilots, are powerful computers in
their own right and pose a theoretical risk of increasing the spread
of viruses. But he said traditional computer networks are the most
vulnerable to viruses and are likely to remain so despite growing
network convergence.

Schrader pointed to several factors likely to mitigate viruses that
jump off computers to attack other parts of a network. The culture of
virus writers, he said, leads them to attack the most widely adopted
technologies, making Microsoft's personal computing software the
primary target for now.

"Theoretical security problems don't always materialize in the real
world," he said. "For example, we have identified the potential to
create Java applet viruses, but two years later, we have yet to see
one."

In addition, he said, writing viruses that will run on multiple
platforms is next to impossible, meaning that wireless breakouts will
be quarantined over divergent operating systems and hardware.

Schrader said that today's attack could point to new ways of
protecting against future viruses.

"The use of desktop antivirus software has proven to be a failure," he
said, noting that new viruses often spread before antidotes can be
posted.

Schrader said the correct way to stop viruses is at key points on the
network--at the wireless gateway, for example. Such a solution would
also save handheld users from having to place memory-hungry antivirus
tools on their cellular phones.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".